@NikoRoberts NikoRoberts commented Nov 26, 2025

Summary

Add --redact-body-fields CLI option to redact sensitive JSON fields in request and response bodies during tape recording. This prevents credentials like passwords, tokens, and API keys from being written to disk.

What was done

Implemented body field redaction in Proxay core:

1. CLI Option

```bash
proxay --mode record --host https://api.example.com \
  --tapes-dir ./tapes \
  --redact-body-fields password,access_token,refresh_token,api_key
```

2. Implementation Details

  • Location: src/persistence.ts (redaction before serialization)
  • Parsing: UTF-8-encoded JSON bodies only (binary/non-JSON unchanged)
  • Matching: Case-insensitive field names
  • Recursion: Handles nested objects and arrays
  • Redaction value: XXXX (matches existing --redact-headers pattern)

3. Example

Before redaction:

```json
{"email": "[email protected]", "password": "secret123"}
```

After redaction:

```json
{"email": "[email protected]", "password": "XXXX"}
```

Changes

Core Files

  • src/cli.ts - Added --redact-body-fields option
  • src/server.ts - Wired option to Persistence layer
  • src/persistence.ts - Implemented redaction logic
    • redactBodyFields() - Main entry point
    • redactBufferFields() - JSON parsing and Buffer conversion
    • redactObjectFields() - Recursive field redaction

Tests Added (9 comprehensive tests)

  • ✅ Redacts simple JSON fields
  • ✅ Case-insensitive matching
  • ✅ Nested object redaction
  • ✅ Array handling
  • ✅ Response body redaction
  • ✅ Non-JSON body handling (returns unchanged)
  • ✅ Binary body handling (returns unchanged)
  • ✅ Empty body handling
  • ✅ No-op when no fields specified

Add support for redacting sensitive JSON fields in request and response
bodies during tape recording. This prevents credentials like passwords,
tokens, and API keys from being written to tape files.

## Changes

### CLI (src/cli.ts)
- Added `--redact-body-fields <fields>` option accepting comma-separated list
- Passes field names to RecordReplayServer

### Server (src/server.ts)
- Added `redactBodyFields` parameter to constructor options
- Passes field names to Persistence layer

### Persistence (src/persistence.ts)
- Updated constructor to accept `redactBodyFields` parameter
- Added `redactBodyFields()` function to redact both request/response bodies
- Added `redactBufferFields()` to parse JSON and redact field values
- Added `redactObjectFields()` for recursive redaction of nested objects/arrays
- Case-insensitive field matching
- Gracefully handles non-JSON bodies (returns unchanged)

### Tests (src/persistence.spec.ts)
- Added 9 comprehensive tests for body field redaction:
  - Simple JSON field redaction
  - Case-insensitive matching
  - Nested object redaction
  - Array handling
  - Response body redaction
  - Non-JSON body handling
  - Binary body handling
  - Empty body handling
  - No-op when no fields specified

## Usage

```bash
# Record with body field redaction
proxay --mode record --host https://api.example.com \
  --tapes-dir ./tapes \
  --redact-body-fields password,access_token,refresh_token,api_key

# Redact specific fields
PROXAY_REDACT_BODY_FIELDS=password,token proxay --mode record ...
```

## Example

Before redaction:
```json
{"email": "[email protected]", "password": "secret123"}
```

After redaction:
```json
{"email": "[email protected]", "password": "XXXX"}
```

## Compatibility

- Works alongside existing `--redact-headers` option
- Only affects UTF-8-encoded JSON bodies
- Binary bodies and non-JSON bodies are unchanged
- Matches existing "XXXX" redaction pattern from header redaction

Related: Phase 2 of security alert remediation (GitHub secret scanning)
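The redaction behaviour the description lists (case-insensitive field names, recursion into nested objects and arrays, non-JSON and binary bodies passed through unchanged, `XXXX` as the replacement, no-op when no fields are configured) written out as an added TypeScript example. This is not Proxay's code: the function names `redactBodyFields`, `redactBufferFields` and `redactObjectFields` are taken from the PR, but their signatures, the `parseRedactBodyFields` helper, the use of `Uint8Array` with `TextDecoder`/`TextEncoder` in place of Node `Buffer`s, the `RecordedExchange` shape and the sample bodies are all assumptions made for the example.

```typescript
// Added example (not Proxay's code): JSON body field redaction with the
// behaviour the PR describes. Function names follow the PR; signatures,
// the Uint8Array/TextDecoder handling and the sample data are assumptions.

const REDACTED = "XXXX"; // same placeholder the PR uses for headers and bodies

// Parse the comma-separated --redact-body-fields value: trim each name,
// lower-case it (matching is case-insensitive) and drop empty entries.
function parseRedactBodyFields(option: string): string[] {
  const fields: string[] = [];
  for (const raw of option.split(",")) {
    const name = raw.trim().toLowerCase();
    if (name.length > 0 && fields.indexOf(name) === -1) fields.push(name);
  }
  return fields;
}

// Walk a parsed JSON value. Any object key whose lower-cased name is in
// `fields` has its whole value replaced; arrays and nested objects recurse.
function redactObjectFields(value: unknown, fields: string[]): unknown {
  if (Array.isArray(value)) {
    return value.map((item) => redactObjectFields(item, fields));
  }
  if (value !== null && typeof value === "object") {
    const source = value as { [key: string]: unknown };
    const out: { [key: string]: unknown } = {};
    for (const key of Object.keys(source)) {
      out[key] = fields.indexOf(key.toLowerCase()) !== -1
        ? REDACTED
        : redactObjectFields(source[key], fields);
    }
    return out;
  }
  return value; // string, number, boolean, null: nothing to redact
}

// Redact one body. Empty bodies, bodies that are not valid UTF-8 (binary)
// and UTF-8 bodies that are not JSON are returned as the same object,
// untouched; so is every body when no fields were configured.
function redactBufferFields(body: Uint8Array, fields: string[]): Uint8Array {
  if (fields.length === 0 || body.length === 0) return body;
  let text: string;
  try {
    text = new TextDecoder("utf-8", { fatal: true }).decode(body);
  } catch {
    return body; // invalid UTF-8: treat as binary
  }
  let parsed: unknown;
  try {
    parsed = JSON.parse(text);
  } catch {
    return body; // valid text but not JSON (form data, plain text, ...)
  }
  return new TextEncoder().encode(JSON.stringify(redactObjectFields(parsed, fields)));
}

// Assumed shape of a recorded exchange; the real tape format carries more.
interface RecordedExchange {
  requestBody: Uint8Array;
  responseBody: Uint8Array;
}

// Entry point: redact both sides before the exchange is serialized to a tape.
function redactBodyFields(exchange: RecordedExchange, fields: string[]): RecordedExchange {
  return {
    requestBody: redactBufferFields(exchange.requestBody, fields),
    responseBody: redactBufferFields(exchange.responseBody, fields),
  };
}

// Constructed sample exchange (not a real tape): a login request and its response.
const SAMPLE_REQUEST_BODY = new TextEncoder().encode(JSON.stringify({
  email: "user@example.invalid",
  Password: "secret123",
  profile: { api_key: "key-1", tags: ["alpha"] },
}));
const SAMPLE_RESPONSE_BODY = new TextEncoder().encode(JSON.stringify({
  sessions: [{ access_token: "tok-1", expires: 3600 }, { access_token: "tok-2" }],
}));
const BINARY_BODY = new Uint8Array([0xff, 0xfe, 0x00, 0x01]); // not valid UTF-8

// Run the redaction over the sample exchange and return both bodies as text.
function runDemo(): { request: string; response: string } {
  const fields = parseRedactBodyFields("Password, access_token,api_key,");
  const redacted = redactBodyFields(
    { requestBody: SAMPLE_REQUEST_BODY, responseBody: SAMPLE_RESPONSE_BODY },
    fields,
  );
  const decoder = new TextDecoder();
  return {
    request: decoder.decode(redacted.requestBody),
    response: decoder.decode(redacted.responseBody),
  };
}

console.log(runDemo());
```

Two properties of this shape are worth keeping in mind when reviewing an implementation like the one the PR describes. Because a matching key has its whole value replaced, a secret nested under a matching key (for example an object stored under `credentials`) is removed along with everything else beneath it, which errs on the side of the tape never containing the value. And because the body is re-serialized with `JSON.stringify`, the redacted bytes can differ in whitespace and length from what was sent on the wire, so a recorded `Content-Length` header may no longer match the stored body.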
@NikoRoberts NikoRoberts requested a review from a team as a code owner November 26, 2025 22:27
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.


@timdawborn timdawborn left a comment


LGTM apart from the linting issues.
